The United States Cyber National Mission Force (CNMF), a division of the Department of Defence's US Cyber Command, has announced that it is going to start publishing zero-day malware samples via Google's VirusTotal service - though only for samples it has declared as 'unclassified'.
Acquired by Google back in 2012, VirusTotal was founded in 2002 as a service to both the malware analysis community and the general public. Files uploaded via the public portal are both run through a gamut of popular anti-virus and anti-malware programs while also being shared with security companies that have signed up to the service; companies themselves, meanwhile, are encouraged to automatically submit the malware they have personally analysed so that other vendors can add detection to their own software and thus improve security for all.
VirusTotal is no stranger to high-profile partnerships, having worked with Microsoft in 2015 to reduce false-positive detection, but this latest is a doozy: The US Cyber National Mission Force (CNMF) has begun uploading samples of malware, including those attacking zero-day vulnerabilities for which patches and mitigation are not yet available, to VirusTotal.
'Recognising the value of collaboration with the public sector,' the organisation, a division of the Department of Defence (DoD), claims in its statement on the partnership, 'the CNMF has initiated an effort to share unclassified malware samples it has discovered that it believes will have the greatest impact on improving global cybersecurity.'
The key word in the CNMF's statement is, of course, 'unclassified'. The organisation, along with the wider DoD, is free to keep a lid on any malware, including those exploiting zero-day vulnerabilities, for its own purposes. The partnership represents a step forward, however, and is already proving to provide security researchers with early access to malware that would otherwise have gone undetected for longer periods.
Those interested in seeing the files shared by CNMF, along with the detection rate for popular anti-virus programs, will find the latest on the organisation's VirusTotal user page. Live updates, meanwhile, are available via Twitter.
September 15 2020 | 14:00